[57] ABSTRACT

A time notarization apparatus and method is disclosed which uses a secure, microprocessor based hardware platform which performs public key cryptographic operations to obtain trusted time stamping with a minimum of intervention by third parties. The hardware platform is encapsulated in a secure fashion so that the device's timestamping mechanism may not be readily tampered with or altered. The hardware platform includes at least one digital clock and a stable, secure storage device to record the private half of a public/private key pair. Coupled to both the digital clock and the storage device is a data processing device which performs public key signature operations in a secure and tamper-proof manner. Only the processing device has access to the secure storage device and its associated private key. The hardware platform also includes input/output means which receives a digital message which is to be digitally signed and timestamped and which outputs the resulting timestamped signature generated by the device. The hardware platform also includes a power source (e.g., an on-board battery) to ensure the accuracy of the device's digital clock and the security of stored data prior to installation or in case of a power failure.

40 Claims, 5 Drawing Sheets 
PUBLIC/KEY DATE-TIME NOTARY FACILITY

FIELD OF THE INVENTION

This invention generally relates to an apparatus and method for digitally time stamping digital documents which are going to be electronically transferred. More particularly, the invention relates to a method and apparatus for serving as a public key date-time notary facility.

BACKGROUND AND SUMMARY OF THE INVENTION

The rapid growth of electronic mail systems, electronic fund transfer systems, electronic document transfer systems and the like has increased concerns over the security of the data transferred over unsecured communication channels. Cryptographic systems are widely used to ensure the privacy and authenticity of messages communicated over such unsecured channels.

Now that information and documents are being created, transferred and stored digitally, new requirements now exist for authentication and authorization of such information and documents.

Unlike paper media, digital originals are able to be readily altered. Furthermore, there is no prima facie method for estimating the age or authenticity of digital information, unlike physical written specimens where the age and behavior of chemicals and handwriting provide some means for estimating authenticity and age.

The advent of public key algorithms now allows for a means of digital authentication. These systems range from basic signature systems, such as afforded by the straightforward use of, for example, the RSA Cryptosystem described by U.S. Pat. No. 4,405,829, to more complex authorization systems such as described by the applicant's U.S. Pat. No. 4,868,877, which allows for interlocking protection of coordinated signatures.

Typically in digital signatures, an individual's certification (his authorization to use his public key) is inherently bounded by an expiration date. There are many reasons for such a bound. One of these stems from the fact that in any such system there is a need to be able to receive and retain cancellation notices for public keys which have been (accidentally) exposed, or whose owners have been prematurely deprived of authorization. In general, such cancellation notices need to be kept by all parties at least until the certificate's prima facie expiration. If expiration dates were not specified, such notices would have to be retained forever.

If a culprit wishes to circumvent his expiration date, he might, in some cases, simply set back the clock in his computer and perform his signature at an apparently past time.

Also, there are many situations (especially now that an ever increasing amount of business is done electronically) where it is useful or sometimes critically important to ensure that the time and/or date associated with a particular event is in fact correct. For example, the date of an invention disclosure document can make the difference between an inventor securing a valuable proprietary interest in his invention or acquiring no such interest. In a business transaction, it may be important to ensure that the time reported as being associated with a contract or a purchase order is, in fact, correct. In either example, if it were possible for a user to create a back dated signature, the user could create a document which misrepresents itself chronologically.

One way to resolve this problem is to have all critical documents signed and time stamped by an impartial notary. However, it may be difficult to obtain the services of such a party or trusted facility in a timely manner. For isolated users such a notary might not be readily available. Moreover, the process may become error-prone, tedious, and a source of bottlenecks, while also creating potential security breaches.

The present invention is directed to an apparatus and method for performing a time notarization in a secure way which avoids the notary accessibility problems, thereby making such notarization easy for any individual or corporation to utilize. Moreover, the present invention performs the notarization so as to make it easy for anyone to verify the notarization and to rely on the notarization. The apparatus is economical, and can be used locally without regard to using any external services.

The present invention provides a means whereby information can be effectively notarized to have the date and time explicitly stated in the notarization. This eliminates the possibility of electronic backdating and such subterfuge.

The time notarization apparatus and method of the present invention uses a secure, microprocessor based hardware platform which performs public key cryptographic operations to obtain time stamping with a minimum of intervention by third parties. The hardware platform is encapsulated in a secure fashion so that the device's timestamping mechanism may not be feasibly subverted or altered.

The hardware platform includes at least one digital clock and a stable, secure storage device to record the private half of a public/private key pair. Coupled to both the digital clock and the storage device is a data processing device which performs public key signature operations in a secure and tamper-proof manner. Only the processing device has access to the secure storage device and its associated private key.

The hardware platform also includes input/output means which receives a digital message which is to be digitally signed and timestamped. The input/output means may return the resulting timestamped signature generated by the device to the presenter of the document, or store the digital timestamp, or dispose of it in any other appropriate manner. The hardware platform also includes a power source (e.g., an on-board battery) to ensure the accuracy of the device's digital clock and the security of stored data continuously at all times during the device's useful life.

BRIEF DESCRIPTION OF THE DRAWINGS

These as well as other objects and advantages of this invention will be better appreciated by reading the following detailed description of the presently preferred exemplary embodiments taken in conjunction with the accompanying drawings of which:

FIG. 1 is a block diagram of a public key date/time notary device in accordance with an exemplary embodiment of the present invention;

FIG. 2 is a block diagram showing the device of FIG. 1 in conjunction with a document input and various outputs which indicates how the time stamp is created;
FIG. 3 is a flow diagram showing an exemplary method for loading and initializing the device of FIG. 1;

FIG. 4 is a flow diagram showing how the time stamp is verified;

FIG. 5 is a block diagram showing an exemplary digital clock module; and

FIG. 6 is a flowchart generally showing the sequence 
of operations performed by the device in FIG. 1 in 
performing the public key signature operation. 

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a date/time notary device 1 in accordance with an exemplary embodiment of the present invention. Stated briefly, the device 1 includes a clock module 4, which is coupled to processor 6. Processor 6 is also coupled to a storage device 8 and a random number generator 10. Each of these components and an on-board power source 12 are mounted on a printed circuit or computer board 2. The circuit board 2 and the components mounted thereon are packaged in a secure fashion so that the contents of storage device 8 cannot be externally accessed or observed and so that the digital clock (or clocks) in clock module 4 cannot be readily tampered with or altered.

One approach that may be utilized to render the device 1 effectively tamper-proof is to dispose epoxy over the components on the circuit board so that the component pins cannot be probed or tampered with without destruction. The components themselves may be designed to be sensitive to physical tampering so that, for example, numeric values associated with the general registers in processor 6 are modified in response to physical tampering. In this regard, processor 6 may have one or more of its input pins coupled to switches (not shown) embedded in the epoxy which encases it. Such a switch will close (or open) in response to tampering and, for example, generate a distinctive signal level on a processor input pin. Processor 6 may then, for example, respond to the change of state of such an input pin to, in turn, modify or erase a predetermined value, including erasing the private key value stored in a processor register, or to branch to an error routine, thereby preventing the public key date/time notary device from operating properly or having the private key value discovered.

Focusing in more detail on FIG. 1, as indicated above, embedded in date/time notary device 1 is a clock module 4. Clock module 4 may, for example, contain a commercially available digital clock such as, for example, Model No. MM5827BN. Clock module 4 generates a time stamp value V1 on its output lines 3 and 5. The time stamp value V1 may be the output of, as described above, a single digital clock. Alternatively, the value V1 may be an average of the outputs of two or more digital clocks. Clock module 4 also generates an error signal (not shown) when the clocks appear to fail.

FIG. 5 shows a block diagram of an exemplary clock module having multiple digital clocks, e.g., 20, 22. The outputs of the digital clocks 20 and 22 are coupled to an average value generating circuit 23 which averages the time stamp signals of clocks 20 and 22 and outputs the average time on output lines 3 and 5 as the clock module time stamp value V1.

The outputs of digital clocks 20 and 22 are coupled to, for example, a subtracter 24 which generates a signal indicative of the difference between the digital outputs of clocks 20 and 22. The difference between the outputs of clocks 20 and 22 is then coupled to threshold detector 26. If, and only if, the difference between the clock signals exceeds a predetermined threshold, e.g., corresponding to a difference of greater than several milliseconds per day, threshold detector 26 generates an error signal, which is coupled via output line 3 to processor module 6. Processor module 6 decodes the error signal and enters an error routine which disables device 1 and erases the private key.

The use of multiple digital clocks 20 and 22 is desirable since the date/time notary device 1 is being relied on to generate an accurate time stamp. Since it is possible that a single digital clock may (over time) begin to operate in a defective manner, the use of two (or more) digital clocks coupled, as described above, to a threshold detector substantially enhances the likelihood that the clock module will generate an accurate time stamp. Additionally, the use of multiple digital clocks provides a mechanism for detecting that some party is tampering with the clock module. In this regard, if the output of one of the digital clocks is disturbed, an error signal will likely be generated through the threshold detector 26 and the device 1 will thereafter be disabled. The subtracter, although shown in the "clock" module, may actually be implemented by processor 6. The checking could be performed only when a document is presented or, preferably, could be done continuously.
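The clock module behaviour just described (two clocks, an averager, a subtracter feeding a threshold detector, and a processor error routine that disables the device and erases the private key), as an added software model that is not part of the patent. The 5 ms threshold, the simulated clocks and the tampering scenario are assumptions chosen for illustration, not values from the description.

```python
import os

# Added example, not the patent's own design: a software model of the FIG. 5
# clock module and of the processor 6 error routine. Threshold, clock values
# and the tampering scenario are assumptions for illustration only.


class ClockModule:
    """Two clocks, an averager (lines 3/5), and a subtracter + threshold detector."""

    def __init__(self, clock_a, clock_b, threshold_seconds):
        # clock_a / clock_b are zero-argument callables returning seconds
        self._a, self._b = clock_a, clock_b
        self._threshold = threshold_seconds

    def read(self):
        """Return (v1, error): v1 is the average of both clocks, error is
        True when the subtracter output exceeds the threshold."""
        ta, tb = self._a(), self._b()
        divergence = abs(ta - tb)              # subtracter 24
        error = divergence > self._threshold   # threshold detector 26
        return (ta + tb) / 2.0, error


class NotaryProcessor:
    """Processor 6: refuses to stamp and zeroizes the key once the clock module errors."""

    def __init__(self, clock_module, private_key):
        self._clock = clock_module
        self._private_key = bytearray(private_key)  # stands in for storage device 8
        self.disabled = False

    def time_stamp(self):
        """Return V1, or None if the device is (or has just become) disabled."""
        if self.disabled:
            return None
        v1, error = self._clock.read()  # the check is run on every request
        if error:
            self._error_routine()
            return None
        return v1

    def _error_routine(self):
        # fail closed: erase the private key and disable the device permanently
        for i in range(len(self._private_key)):
            self._private_key[i] = 0
        self.disabled = True

    def key_is_zeroized(self):
        return not any(self._private_key)


class SimClock:
    """Constructed clock: a settable time in seconds, so tampering can be simulated."""

    def __init__(self, start):
        self.now = start

    def tick(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


def run_scenario(tamper_seconds, threshold_seconds=0.005):
    """Two healthy reads, then clock B is disturbed by tamper_seconds and read again.
    Returns (first_stamp, stamp_after_tamper, disabled, key_zeroized)."""
    a, b = SimClock(1_700_000_000.0), SimClock(1_700_000_000.0)
    device = NotaryProcessor(ClockModule(a, b, threshold_seconds), os.urandom(64))
    first = device.time_stamp()
    a.tick(60)
    b.tick(60)
    device.time_stamp()
    b.tick(tamper_seconds)          # e.g. someone sets clock B back by an hour
    after = device.time_stamp()
    a.tick(60)
    b.tick(60)
    device.time_stamp()             # further requests are refused once disabled
    return first, after, device.disabled, device.key_is_zeroized()
```

Running `run_scenario(0.0)` returns the two averaged stamps with the device still enabled; `run_scenario(-3600.0)` returns `None` for the stamp after the disturbance, with the device disabled and the key bytes all zero. The threshold here is an absolute divergence; the description's "several milliseconds per day" is a drift rate, which a real module would check by comparing the divergence between successive readings.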

Turning back to FIG. 1, processor module 6 may, for example, be a commercially available microprocessor such as an Intel-286 microprocessor. The processor 6 may be any microprocessor which has sufficient independent computing power to perform or coordinate public key signature operations in a secure and tamper-proof manner.

Coupled to processor module 6 is storage device 8 in which the secret private key of a public/private key pair is stored. It is important that the contents of storage device 8 be accessible only to processor module 6. Storage device 8 must be a stable, secure storage device such that users will be unable to determine the contents of the storage device, i.e., the private key. Storage device 8 is preferably a read only memory (ROM) which may also operate as a program memory for processor module 6. Storage device 8 may be embodied in processor module 6. Any detection of attempted tampering should cause this value to be destroyed; whichever memory holds the private key must therefore be one that processor module 6 can erase, as is the case for the processor register described above.

Date/time notary device 1 also includes a power source 12, which may be an on-board battery having a relatively long life, which supplies power to the components shown in FIG. 1 if the device 1 is operating in a stand-alone fashion and when the device is not installed (e.g., during shipping). Alternatively, as will be explained further below, if the device 1 is operating in conjunction with, for example, an associated computer system, then the device 1 may be externally powered and power source 12 would serve as a battery back-up in case of a power failure. It also must serve to keep the system "alive" between when it is initialized (at the factory) and the time the user plugs in to an external power source.

The exemplary date/time notary device 1 also includes a random value generator 10 which is coupled to processor module 6. Random value generator 10 introduces a random value V3 which is utilized in the public key signature operation by processor module 6. Random value generator 10 introduces yet a further degree of cryptographic strength to the public key signature process by introducing a random input which is operated on. By including this random value in each signature, special values, which might give an opponent some unforeseen advantage in cracking the signature system, cannot be supplied by an opponent. Random value generator 10 may, for example, be comprised of a noise diode which generates unpredictable outputs that are used to generate a random number V3. Such random value generators are commercially available and may, for example, comprise Model No. 1N751. Random value generator 10 may alternatively be implemented by, for example, a subroutine executed by processor module 6 which utilizes any reasonable random value or pseudo-random value generating algorithm (of which many are known) to generate values V3. The random generator is actually optional and only serves to increase the theoretical strength of the algorithm.

Prior to describing the manner in which the date-time notary device 1 operates, the device input, output and the system in which the device 1 will typically operate will be described in conjunction with FIG. 2. Device 1 is contemplated to be typically coupled to a processing system 14 which may, for example, be an IBM-PC or the like. The circuit board 2 is physically inserted into the PC so as to be coupled to one of the PC ports. In this regard, the circuit board 2 would be coupled to a PC port in the same fashion as, for example, a display interface card. The processing system 14 may, in turn, be coupled to a telecommunications system via, for example, a telephone link so that it is able to receive digitally transmitted files, messages, or documents.

The PC, for example, upon receiving an electronic document to be signed, inputs a digital bit stream V2 to be notarized via its output line 15. Thereafter, a notarization proof set packet including a notarized time stamp is returned to the party originally transmitting the electronic document to be signed. Processing system 14, of course, need not be a PC, but rather may be a larger mainframe computer, a network of devices comprising a telecommunication system, etc.

The input value V2 to be signed and time notarized may be any digital value, including, for example, a digital document which may in actuality represent a purchase order, a contract, an authorization to perform a particular act on behalf of the originator of the document, or any other type of document where it is important to prove that the document existed as of a predetermined time. The date/time notary device 1 generates a notarized time stamp which may be utilized to prove that the document was not created at a point in time after the time indicated on the document. The input V2 may also itself be a user's digital signature of yet another digital value. The device may also create a hash of the input V2, and embed the hash in the signature rather than the entire input V2.

In an exemplary embodiment of the present invention, the notarization proof set packet includes four values which are returned to the party transmitting the original digital document to be date/time notarized. In this regard, as shown in FIG. 2, the digital document or input value to be notarized, V2, is returned to the document originator. Additionally, the time stamp value V1, which is the time output of the clock module 4, is returned to the document originator and a notarized time stamp S is also returned. The time stamp value V1 reflects the most accurate time which clock module 4 is capable of generating. Time stamp value V1, as previously explained, will only be generated if the multiple clocks in module 4 are within a predetermined threshold of being in complete synchronization. It is noted that the output of each of the digital clocks in clock module 4 could each be transmitted if desired. In some cases, with some signature systems, including RSA, it might be possible to only retain the "S" value, since the V1 value can be extracted therefrom. On the other hand, it may be necessary to retain V3 as well as V1.

The general sequence of operations performed by processor 6 is shown in the flowchart of FIG. 6. In brief, the processor 6 inputs and temporarily stores each of the values V1, V2, and V3 and the secret key residing in storage device 8 in, for example, its working RAM (not shown). The processor 6 obtains the input value V2, which is the document to be notarized, via input line 15 and combines this value with the time stamp V1 received via line 3 and the random value V3 generated by module 10 using a public key cryptographic signature operation. In this regard, the combination of values V1, V2 and V3 is processed by module 6 using the secret private key stored in storage device 8. The signature process may, for example, be performed using the RSA digital signature technique taught in U.S. Pat. No. 4,405,829.

By way of example only, as shown in FIG. 6, assuming a 512 bit (64 byte) RSA signature is utilized, V2 is input and it (or its hash) is temporarily stored as the lower order 16 bytes of the 64 bytes of data which represent the input document which is to be notarized (100). There are many well known hashing schemes which can be used in conjunction with signature systems. Another eight bytes of the 64 byte value is utilized to store V1, the output of the clock module 4, which is input via line 3 and temporarily stored (102). The remaining 40 bytes in the value may consist of random bits which are constructed from the input received from the random number generator 10 (104). This 64 byte number is then exponentiated with, for example, an RSA private key stored in storage device 8 in accordance with the teachings of U.S. Pat. No. 4,405,829 (106). This yields the digital signature. After processing the 64 bytes of data with the stored private key, an output signature value is stored (108) and output (110) which is identified in FIG. 2 as being the notarized time stamp S. There are many ways in which the input V2 and the time stamp could be combined in preparation for signing.

The final value which is included in the notarized time stamp proof set (V2, V1, S, C), which is transmitted to the party whose document is being date/time notarized, is the manufacturer's certification C. Turning back to FIG. 2, the manufacturer referred to therein is the manufacturer of the date/time notary device 1. The manufacturer's certification C will have embodied within it the public key 16 which is associated with the device's private key as well as the manufacturer's public key 17 and will include the digital signature of the device's public key by the trusted manufacturer.

Further details regarding the nature of a potentially multi-level digital certificate and an exemplary digital certificate are found in the applicant's U.S. Pat. No. 4,868,877, which issued Sept. 19, 1989 and is entitled "Public Key/Signature Cryptosystem With Enhanced Digital Certification", which is incorporated by reference herein. As described in detail in the applicant's patent, the device's public key may, if desired, be certified in such a way as to identify the authority of its creator. The certification process involves signing this new public key with a private key of the trusted manufacturer and, if desired, expressly indicating the authority which has been granted by the signer (i.e., authorization to be a trusted time-notary). Such trust may be implicit simply because of the manufacturer's well recognized public key which is used for the signature. In this regard, the trusted authority (i.e., the manufacturer) is contemplated as having a well-publicized public key, which is known and accepted by all potential users of the device. Such a manufacturer may simply use its private key portion to sign the device's newly created public key. Alternatively, as described in the applicant's patent, the delegated authority as a trusted time-notary might be controlled by a hierarchy of certificates, or the manufacturer's signature might indicate co-signing necessary by one or more other witnesses to reduce the risk of corruption by a single manufacturer's representative or by any single party. In such a case, the device's certification will need to include information regarding all of these signatures. Alternatively, U.S. Pat. No. 4,405,829 could be applied directly to yield a simple, one-level certificate which would be validated simply through widespread acceptance and knowledge of the manufacturer's public key.

In practice, the end user receives the device 1 together with a copy (on a floppy disk) of the public key corresponding to the secret private key embedded in the device, the manufacturer's certification of this public key and a program which can be used to feed any input to the device 1 and deliver corresponding output from the device.

The time stamped notarized signature S (together with items V1, V2 and C) then serves as a notarized record showing that whatever object was signed did exist at the specified moment (and was in the proximity of a particular signing device 1). Generally, the device's output signature and time stamp value V1 would typically be accompanied by the device's associated public key, the manufacturer's certification of the device's public key, and the manufacturer's public key(s), so that all of these together act as a proof set for the notarization. The notarized time stamp may then be transmitted and/or stored with the object for later proof that the object existed at the specified moment. It is noted that, in a special case, when the object being notarized is actually itself a digital signature by some other party of some third object (e.g., a document, purchase order, etc.), the notarization of such a signature essentially vouches that the signing party did in fact create said signature on or before the specified time. This provides a very clear analog to the standard functions performed by a conventional notary public service.

The manner in which the device 1 is loaded is exemplified by the flowchart shown in FIG. 3. It is contemplated that the device 1 will be initially loaded during the manufacturing process. The loading may occur by coupling the device 1 via its input port 15 (see FIG. 2) to a loading processor (not shown) at the manufacturing plant.

As indicated by the flowchart shown in FIG. 3, the device 1 upon being powered on (30) immediately branches to an initialization mode routine (32). In the initialization mode, the device 1 enters a loading state in which the clock module 4 is initially set (34). Clock module 4 is set based on a universally recognized standard time to accurately initialize the digital clocks and initiate them to begin operation. Thereafter, the processor module 6 internally generates a public key/private key pair using random values which are generated by the processor 6 (or are received from the manufacturer during the device's initialization) in a manner consistent with any public key signature method, such as, e.g., described in the teachings of the RSA public key cryptography (see U.S. Pat. No. 4,405,829 or 4,868,877) (36). Thereafter, the private key portion is loaded into storage device 8 (38). After the private key portion has been stored, an "initialized flag" is set (39) indicating that the device initialization has been completed, which ensures that the processor 6 cannot be initialized again.

As indicated in step 40, the processor module 6 then transmits the public key which it generated in step 36 to the initializing processor device. It is noted, however, that the private key portion of the public/private key pair is not transmitted to the initializing processor, so even the initializing processor is not aware of the secret private key. Thereafter, a digital signature operation is performed on the transmitted public key (42) using the private key of a trusted authority, e.g., the manufacturer. The initializing processor may perform the signature operation (42) to generate a digital signature for the device 1. Thus, the manufacturer signs the generated device public key and in so doing verifies, by creating a digital certificate for the device (which may be stored in the device itself or on a floppy disk separate from the device), that the time/date notary device 1 is bona fide and trustworthy. In this regard, the signature process indicates that the signing party has verified that the clocks were initialized to the correct time (44). Furthermore, associated with the certificate for the device is the manufacturer's public key which will be utilized by the party receiving the date/time notarized document to assure that the date/time stamp is authentic.

If desired, rather than the public/private key pair being generated by the processor module 6, the public/private key pair may be generated by the initialization processor. In this fashion, the processor module 6 need not have the capability of generating its own public/private key pair, thereby saving on program storage. Thus, an alternative method for initializing device 1 is to initialize the clock values as in step 34 shown in FIG. 3, but rather than having the processor module 6 generate the public/private key pair, such a pair would be loaded by the initialization processor. The initialization processor would then erase its copy of the private part of the key pair immediately after it has been loaded into the device. Thereafter, the initialization process would proceed as previously described in conjunction with FIG. 3.

The recipient of a date/time notarized document, after electronically receiving and storing the document, would then verify the time stamp in accordance with the flowchart shown in FIG. 4. By so verifying the time stamp, the user can prove that the document was created no later than the date and time indicated. The digital time stamp on the received document includes an input value that has been notarized V2 (50), a time stamp V1 (52), a notarized time stamp S (54) and a manufacturer's certification C (66, 68, 70). It is noted that the notarized time stamp S (54) has embedded within it the values V1, V2, and V3 as described above in conjunction with FIGS. 2 and 6. The notarized time stamp S is processed via a public key operation (56), using the device public key carried in the manufacturer's certificate C, thereby yielding a 16-byte value X2, an 8-byte value X1 and a 40-byte random value X3. The values X1, X2, and X3 should be equal to values V1, V2 (or its hash), and V3 (which have been described above in conjunction with FIG. 2) if the time stamp was properly notarized. The exact steps shown for verifying the various values are suitable for the RSA algorithm. Another sequence of steps may be necessary for other public key algorithms. It should be noted that some public key systems would also need to know the "random" value V3.

X1 is then compared with V1 as indicated at block 58 and if the results are not equal, then the time stamp must be rejected. If X1 is equal to V1 as determined at block 58, then a comparison is made in block 60 between X2 and the input value that has been notarized, V2 (or its hash), and if the results are not equal the time stamp is rejected (64).

If the results of the comparison in block 60 indicate that X2 equals V2, then one of the criteria is met for determining that the input value was created prior to the time indicated by V1 (82). It is noted that the random value X3 could be compared with the generated random value V3, if desired, but for purposes of simplicity, such a comparison is not shown in FIG. 4.

A check of the device's public key is also made in FIG. 4. In this regard, from the manufacturer's certificate, the signature of the device's public key, which has been made by the manufacturer (70), and the manufacturer's trusted public key (68) are processed via a public key operation (72). The output of the public key operation should validate the public key associated with the device (66). A comparison is made which compares the device's public key with the output of the public key operation (74). If there is not a match as indicated at block 74, then the time stamp is rejected because the public key that performed the notarization is not known to be trustworthy (80). If the checks at blocks 74 and 76 indicate that there is a match, then it is verified that the public key did belong to a device created by the manufacturer. Given the confirmation that the device was created by the manufacturer and that the time stamp was created by the device's public key, then the user can accept that the document was created prior to the time/date indicated by time stamp V1 (82).
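The FIG. 4 verification sequence written out as an added example (not code from the patent): textbook RSA over constructed keys built from published Mersenne primes stands in for the device and manufacturer keys, the 8/16/40-byte field lengths for V1, V2 and V3 are the page's, and the block numbers in the comments follow the description above. Function and variable names are the example's own.

```python
import hashlib
import secrets
import struct

E = 65537  # public exponent for the toy keys below

def toy_keypair(p, q):
    """Textbook RSA pair from two primes: no padding, demo only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

# Constructed keys from published Mersenne primes: not secret, structure only.
DEV_PUB, DEV_PRIV = toy_keypair((1 << 521) - 1, (1 << 607) - 1)
MFR_PUB, MFR_PRIV = toy_keypair((1 << 1279) - 1, (1 << 2203) - 1)

def rsa_op(key, value):
    n, exp = key
    return pow(value, exp, n)  # raw public or private key operation

def key_digest(pub):
    n, e = pub  # what the manufacturer signs: a digest of the device public key
    return hashlib.sha256(n.to_bytes(512, "big") + e.to_bytes(4, "big")).digest()

def issue_certificate(mfr_priv, dev_pub):
    """Manufacturer's signature over the device public key (block 70)."""
    return rsa_op(mfr_priv, int.from_bytes(key_digest(dev_pub), "big"))

def notarize(dev_priv, v2, v1_time, v3=None):
    """Device side: sign V1 (8-byte time) || V2 (16-byte digest) || V3 (40 random)."""
    assert len(v2) == 16, "V2 is the 16-byte digest of the message"
    v1 = struct.pack(">Q", v1_time)
    v3 = secrets.token_bytes(40) if v3 is None else v3
    sig = rsa_op(dev_priv, int.from_bytes(v1 + v2 + v3, "big"))
    return {"V1": v1, "V2": v2, "V3": v3, "sig": sig}

def verify(proof, dev_pub, cert, mfr_pub):
    """Verifier side, following the FIG. 4 block numbers in the text."""
    m = rsa_op(dev_pub, proof["sig"])       # public key operation on the stamp
    if m >= 1 << 512:                       # must fit the 64-byte field layout
        return False, "signature does not decode to X1, X2, X3"
    raw = m.to_bytes(64, "big")
    x1, x2, x3 = raw[:8], raw[8:24], raw[24:]
    if x1 != proof["V1"]:                   # block 58 -> reject
        return False, "X1 != V1: time field does not match"
    if x2 != proof["V2"]:                   # block 60 -> reject (64)
        return False, "X2 != V2: notarized value does not match"
    if x3 != proof["V3"]:                   # optional check FIG. 4 leaves out
        return False, "X3 != V3: random value does not match"
    # Blocks 66-80: the manufacturer's certificate must validate the device key.
    if rsa_op(mfr_pub, cert) != int.from_bytes(key_digest(dev_pub), "big"):
        return False, "device public key not certified by manufacturer"
    return True, "created prior to time %d" % struct.unpack(">Q", x1)[0]
```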

While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not to be limited to the disclosed embodiment, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

What is claimed is: 

1. A digital time notarization device for enabling a 
user to digitally notarize digital information without 
regard to any particular recipient of said digital infor- 
mation comprising:

platform means for supporting components; 

clock means for generating clock signals indicative of 
time; 

input means for receiving a digital input value to be 
notarized;

storage means for storing a private key created for 
said device having a corresponding device public 
key where said device public key has been certified 
by a trusted authority, said storage means being 
secured such that said private key is not accessible
to said user; and

processor means for operating on said clock signals 
and said digital input value using said private key 
corresponding to the public key certified by said
trusted authority for generating a notarized time 
stamp, said input means, storage means and proces- 
sor means being supported by said platform means, 
whereby a holder of said device public key certi- 
fied by said trusted authority may verify that said 
notarized time stamp is authentic without any fur- 
ther information regarding said notarization de- 
vice. 

2. A device according to claim 1, further comprising 
random number generator means, coupled to said pro- 
cessor means for generating a relatively unpredictable 
output value, said processor means creating said nota- 
rized time stamp using said unpredictable output value. 

3. A device according to claim 2, wherein said ran- 
dom number generator means includes a noise generat- 
ing diode. 

4. A device according to claim 2, wherein said ran- 
dom number generator means comprises a random num- 
ber generating subroutine executed by said processor 
means. 

5. A device according to claim 1, wherein said clock 
means includes a plurality of digital clocks. 

6. A device according to claim 5, further including 
averaging means coupled to receive the outputs of said 
plurality of digital clocks for generating a time output 
signal which is the average of the outputs of said plural- 
ity of digital clocks. 

7. A device according to claim 5, further including 
threshold detecting means for generating an error signal 
if the difference between the outputs of said plurality of 
clocks exceeds a predetermined threshold. 

8. A device according to claim 1, further including 
means for rendering said device effectively tamper- 
proof. 

9. A device according to claim 8, further including 
means for encapsulating said clock means and said pro- 
cessor means on said platform means such that said
clock means and said processor means can not be 
readily tampered with. 

10. A device according to claim 8, further including 
switch means coupled to said processor means, said 
processor means including means responsive to a 
change of state of said switch means for preventing said 
device from operating properly. 

11. A device according to claim 1, wherein said pro- 
cessor means comprises computational means for per- 
forming a public key digital signature operation on said 
input value and said clock signals. 

12. A device according to claim 1, further including 
power supply means, disposed on said platform means 
for supplying power to components disposed on said 
platform means. 

13. A device according to claim 1, wherein said input 
value represents at least one digital message, said input 
means being coupled to said processor means, for re- 
ceiving said input value, and for supplying said input 
value to said processor means, whereby said device may 
be coupled to a communications system for receiving a 
digital message to be time stamped and for transmitting 
a time stamped notarized digital document to said com- 
munications system. 

14. A device according to claim 1, wherein said pro- 
cessor means includes means for generating a public 
key/private key pair. 

15. A device according to claim 1, wherein said processor means includes flag means for storing an indication that the notarization initialization has been completed.

16. A digital time notarization system comprising:

data processing means for performing data processing related tasks;

a digital time notarization device coupled to said data processing means, said notarization device including:

platform means for supporting digital components;

input means, disposed on said platform means, for receiving from said data processing means an input value to be time notarized;

storage means, disposed on said platform means, for storing a private key created for said notarization device, said private key having a corresponding device public key, said device public key having been certified by a trusted authority;

clock means, disposed on said platform means for generating clock signals indicative of time; and

processor means, disposed on said platform means, for operating on said clock signals and said input value using said private key and for generating a notarized time stamp.

17. A system according to claim 16, wherein said data processing means includes a personal computer.

18. A system according to claim 16, wherein said data processing means includes a plurality of ports and said platform means is coupled to one of said ports.

19. A system according to claim 16, wherein said data processing means includes a telecommunications system for coupling digital messages to be time stamped to said device and for receiving time stamped signatures from said device.

20. A system according to claim 16, further comprising random number generator means, coupled to said processor means for generating a relatively unpredictable output value, said processor means creating said notarized time stamp using said unpredictable output value.

21. A system according to claim 16, wherein said clock means includes a plurality of digital clocks.

22. A system according to claim 21, further including averaging means coupled to receive the outputs of said plurality of digital clocks for generating a time of day output signal which is the average of the outputs of said plurality of digital clocks.

23. A system according to claim 21, further including threshold detecting means for generating an error signal if the difference between the outputs of said plurality of clocks exceeds a predetermined threshold.

24. A system according to claim 16, further including means for encapsulating said clock means and said processor means on said platform means such that said clock means and said processor means can not be feasibly tampered with.

25. A system according to claim 16, wherein said processor means comprises computational means for performing a public key digital signature operation using said input value and said clock signals.

26. A system according to claim 16, further including power supply means, disposed on said platform means for supplying power to components disposed on said platform means.

27. A system according to claim 16 further including origination means for transmitting a digital message to be time stamped to said data processing means, said data processing means including means for transmitting a digital time stamped notarization proof set.

28. A system according to claim 16, further including means for generating a proof set which includes at least a notarized time stamp and the digital certificate by the manufacturer of the device of the device's public key.

29. A system according to claim 28, wherein the manufacturer's certificate includes the public key of the device and its signature by the manufacturer's public key.

30. A method of digitally time notarizing a digital message comprising the steps of:

receiving a digital message to be date/time notarized by a special purpose digital notarization device;

generating clock signals indicative of time within said special purpose device;

storing a private key created for said device within said special purpose notarization device, said private key having a corresponding device public key, said device public key having been certified by a trusted authority; and

operating on said digital message and said clock signals, using said private key, whereby a notarized time stamp is generated by said notarization device.

31. A method according to claim 30, further including the steps of generating a relatively unpredictable value, and creating said notarized time stamp using said unpredictable value.

32. A method according to claim 30, further including the step of encapsulating components on said device such that the components can not be readily tampered with.

33. A method according to claim 30, wherein said receiving step includes receiving said digital value from a data processing system.

34. A method according to claim 30, further including the step of generating a public key/private key pair within a processor in said special purpose device.

35. A method according to claim 30, further including the step of initializing said special purpose device prior to said receiving step and storing an indication within said special purpose device that the initialization has been completed.

36. A method according to claim 30 further including the step of generating a digital time stamped notarization proof set.

37. A method according to claim 30, wherein said trusted authority is the manufacturer of the device and further including the step of generating a proof set which includes at least a notarized time stamp and the digital certificate by the manufacturer of the device of the device's public key.

38. A method according to claim 30, further including the step of initializing said device by:

initializing a clock module within the device,

generating a public/private key pair, and

loading the private key in a storage device within said device.

39. A method according to claim 38, wherein said initializing step further includes the step of digitally verifying the device initialization by a witness.

40. A method according to claim 39, wherein said verifying step includes the step of generating a digital certificate for said device.

* * * * *